The Agent Skills Directory

[SAFE]: The skill's behavior is entirely local and restricted to the workspace. It reads markdown and LaTeX inputs and writes a JSON outline, which is standard behavior for the described research automation task.
[SAFE]: The execution of the local Python validation script (scripts/validate_outline.py) is limited to schema and semantic checks of the generated JSON file. It uses the standard jsonschema library and does not perform any high-risk operations.
[PROMPT_INJECTION]: The skill ingests untrusted text from several input files to generate content for downstream AI agents, creating a surface for indirect prompt injection.
Ingestion points: idea.md, experimental_log.md, template.tex, and conference_guidelines.md from the workspace/inputs/ directory.
Boundary markers: The instructions direct the agent to prepend an 'Anti-Leakage Prompt' from a reference file to mitigate prompt leakage or injection.
Capability inventory: The skill writes a single JSON file and executes a local validation script; it does not have network access or administrative privileges.
Sanitization: The output is strictly validated against a JSON schema (outline_schema.json) and subjected to additional semantic checks (e.g., snake_case validation, enum checks) by the validation script.

outline-agent